Overview

overview

1

Static

static

1

file01.vbs

windows7-x64

1

Analysis

  • max time kernel
    1043s
  • max time network
    1046s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2024 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file01.vbs

  • Size

    1B

  • MD5

    7215ee9c7d9dc229d2921a40e899ec5f

  • SHA1

    b858cb282617fb0956d960215c8e84d1ccf909c6

  • SHA256

    36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

  • SHA512

    f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score
1/10

Malware Config

Signatures

  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies registry class 47 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\file01.vbs"
    1⤵
      PID:2120
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2828
      • C:\Windows\System32\notepad.exe
        "C:\Windows\System32\notepad.exe"
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3012
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x5cc
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2420
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1900
        • C:\Windows\system32\tree.com
          tree
          2⤵
            PID:2952
          • C:\Windows\system32\tree.com
            tree
            2⤵
              PID:2248
            • C:\Windows\system32\tree.com
              tree
              2⤵
                PID:2964
              • C:\Windows\system32\tree.com
                tree
                2⤵
                  PID:2180
                • C:\Windows\system32\tree.com
                  tree
                  2⤵
                    PID:816
                  • C:\Windows\system32\tree.com
                    tree
                    2⤵
                      PID:996
                    • C:\Windows\system32\tree.com
                      tree
                      2⤵
                        PID:2400
                      • C:\Windows\system32\tree.com
                        tree
                        2⤵
                          PID:1708
                        • C:\Windows\system32\tree.com
                          tree
                          2⤵
                            PID:1208
                          • C:\Windows\system32\tree.com
                            tree
                            2⤵
                              PID:2184
                          • C:\Windows\system32\taskkill.exe
                            "C:\Windows\system32\taskkill.exe"
                            1⤵
                            • Kills process with taskkill
                            PID:1328
                          • C:\Windows\system32\taskkill.exe
                            "C:\Windows\system32\taskkill.exe" /f /im explorer.exe & cmd.exe
                            1⤵
                            • Kills process with taskkill
                            PID:2164
                          • C:\Windows\system32\taskkill.exe
                            "C:\Windows\system32\taskkill.exe"
                            1⤵
                            • Kills process with taskkill
                            PID:1444
                          • C:\Windows\system32\iexpress.exe
                            "C:\Windows\system32\iexpress.exe"
                            1⤵
                              PID:3040

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\Desktop\AddStop.tiff
                              Filesize

                              465KB

                              MD5

                              3e1b5b4bf9e29e0de1401445e9486aa4

                              SHA1

                              932d6574e207f0ccde0c47382dc68dbb78ded8fd

                              SHA256

                              08ec3156e65858dfc4aedb081563ba664792150497fc7062a44d9927c42aa106

                              SHA512

                              79d23400c1bdd5519b454d171bc713cc51e6ba8016c0806a0f3f2531f1039392f03599c28691b35453d9bca6b896901ec5c980c2fa7f8c79c371ab2c99d275ae

                              Download Submit
                            • C:\Users\Admin\Desktop\ClearCompress.001
                              Filesize

                              561KB

                              MD5

                              d971e83c35d13f03b1e89226a200a5fb

                              SHA1

                              70e85bffae0e010ea8c3261c01afee72fa219145

                              SHA256

                              4486d0f4dc13a367e9355bfc481fe7064c6ce246e3666218f6c0539def0b20dd

                              SHA512

                              93d4c66d62838393342cd364a68ccbb6f9316f5df28655b604bf005bf3c040e8e94fae6cbeaae16775f7e275ac943f6ac32200dc346c7e9863dc1dcb254035d7

                              Download Submit
                            • C:\Users\Admin\Desktop\ConfirmApprove.ods
                              Filesize

                              417KB

                              MD5

                              3b6aba252ad10b904942ee5adef97133

                              SHA1

                              985a951ebb047cee1477012380bb24a173d28bb5

                              SHA256

                              0369ed5f417974c2e2319409d98218515ce9dc8a92a00ef26b5225bae10ccb61

                              SHA512

                              6454611b9d7fa9c2676da1c6a1397b1501b7e0a81b466c7dc553f49bf1e53073dbd5dc623f3ef894dadcebeab9b6a963e627d48e8b2988d6c58a5416f8b4052a

                              Download Submit
                            • C:\Users\Admin\Desktop\ConfirmCheckpoint.bmp
                              Filesize

                              752KB

                              MD5

                              35587275e03edc21081bc9fac0baadad

                              SHA1

                              5e304a3d91c5d84b62d4683cfebbd307646100b2

                              SHA256

                              c7d9a4444606804a64483d203cdaff7ef1d604ab559d716d6641415935347f3e

                              SHA512

                              21de7ba312036a61cd32e51527a2d8ab5fda85349b40eb446d8b7dc706378ea091ca9c5466fbee2c0f3ba4376c207545e632291eaa1820a37de93ff3f0128d30

                              Download Submit
                            • C:\Users\Admin\Desktop\ConfirmGet.wm
                              Filesize

                              608KB

                              MD5

                              c72158a32001b85fe004af811cf7e13b

                              SHA1

                              d560c776cfb0fc93f275397d96d8c1128b8c7ce9

                              SHA256

                              e2efe4ba167e5a09f018c62d16dc3cff502921186a770a91f44dea7c6ccbd533

                              SHA512

                              3d4e792d1e8c0abcd3ffb227120d65ea5de7653ce3a47e044f3eefacbe97510e847cf90053c5ef4ac7af16e528197b4054715cad93b6da4dc5e726487ecc6280

                              Download Submit
                            • C:\Users\Admin\Desktop\ConvertFromCompress.xlsx
                              Filesize

                              11KB

                              MD5

                              86d02bfc7427ec1cc61cc674b4b00420

                              SHA1

                              13a84bba7bdfddd3111e8169f21e7fb5655711ca

                              SHA256

                              1bd45c770f5b80030d95e3bb96780907752f3310fe56799c153a76952b624d61

                              SHA512

                              55a2532eccc3b5cb6d74e4932cebd77fbb8ac06b124770bcce17416474e472ed6cf7c1d23013dba22a54c9298f08ef888f13569fa4effa8735ec3f5fd30fea8f

                              Download Submit
                            • C:\Users\Admin\Desktop\DismountRemove.jfif
                              Filesize

                              847KB

                              MD5

                              b0260a962461169fa804021a3cfe3854

                              SHA1

                              93f820aa88e58982c0667179e2d16c3b1985e461

                              SHA256

                              fadce2b854ef668b8d10cae57e9b33236d0dd46ba8f5007dccbcbce72a6b277b

                              SHA512

                              3802539056b8bffb62d0abde13431c4186872bcfa3c76918f8f56e0db0805a62807e70bf8d353a8f07bee3769a148dac758fbe8b3858c1ba8f8ce0a19e472771

                              Download Submit
                            • C:\Users\Admin\Desktop\EnableRename.xlsb
                              Filesize

                              799KB

                              MD5

                              f076bfa6e270a82800a3a53830fa489c

                              SHA1

                              f9f1153b978b4b7f2e2cb5a432a5ba020465856f

                              SHA256

                              58eb6287bf685387cd2c596b3c0cec2297606dfbd2f5ad25c1ffd78f65fc5fb5

                              SHA512

                              1bc16bec7b9cb74b3eaeb7567ddbb708b0e8bac6496605d91e9c6556167996276e5556f02f48a0969db54ec7ec7bb6673cf6ed3391989f2e306cb39b94547194

                              Download Submit
                            • C:\Users\Admin\Desktop\EnableUnprotect.wdp
                              Filesize

                              776KB

                              MD5

                              1e6d064a4175b5c90661a8685f39f2d9

                              SHA1

                              a40ead29a83123b01f244b60b71d519624897d67

                              SHA256

                              9f1ebbdb285a0f2762cc1e7f9e674f81b7b5b2a3cb1a4188fce8660132b84840

                              SHA512

                              2f0462da78eefc80622dea419d8a85f9b6fef1d27807ca00ff3df681ca659733e48b51279a940f899571470f762376970ba3feaddae26f0eb1786dd13f6d66ae

                              Download Submit
                            • C:\Users\Admin\Desktop\FindWrite.xlsx
                              Filesize

                              10KB

                              MD5

                              67e7ed6bd7918b6a43fbc49087093c86

                              SHA1

                              21dba247fa6be20ecb5327a7cfabf05da9aa38a5

                              SHA256

                              1c781fddd08accacea3647ca6bd83b0233832b1bbf3a8302c6bc2c9903e68ce4

                              SHA512

                              6aa329313cbc9489b11bc56ae1e6cf07acb99c55f63ae69bccc9d5453c1bb6a30c717d82a7d9d51c75fea9a12dd183dc989132f2fb214d6aac16f35560fed655

                              Download Submit
                            • C:\Users\Admin\Desktop\GetFind.wmv
                              Filesize

                              823KB

                              MD5

                              00d98a0712989a61d19309d80a309f4f

                              SHA1

                              c540d97d95b6472bb5456593b85faf78dc1e7317

                              SHA256

                              0854b6be863bf122f2928f4af62ce653fc64b6db66bf19a1bb70a3a416591077

                              SHA512

                              74bd9cd1e13fe6a5b1fdabfbf8e5cbc40992fd7c5e2c6e6661b95e794c663f96daaf450b22b4394195e3dc824e655236fa3b2ce662e5bf25a1b273c318faabad

                              Download Submit
                            • C:\Users\Admin\Desktop\InitializeRead.wav
                              Filesize

                              537KB

                              MD5

                              2ee58e744515763969e133580527ea39

                              SHA1

                              1ba1fa09063ded4fd96337dd649e5c8ee5fb0259

                              SHA256

                              84a7df676345edb225e12bc1bcbf4bf785c4de26dbf44ba87060dd7216da3c88

                              SHA512

                              bd6723719b5d4b5fa6baba207d4c8fd70cefded19e01fab6d785e2c1770734bac09f00b56a67d5af49d5a9f5e48ebf35bc05dfc8c54862dcef6b9faf2e215a2b

                              Download Submit
                            • C:\Users\Admin\Desktop\InstallMove.mov
                              Filesize

                              680KB

                              MD5

                              aa0186e1c430421e0bfd5d1375add79d

                              SHA1

                              53a5ef07d032e4e5cef380a0e1b093bbb14901c2

                              SHA256

                              4552c958f2c711d914b97eb592d916c768db5e0f1138325403efa5886b12a0a3

                              SHA512

                              3f0e1320d2e179592ce7f4d5569f48ddb7a594cd47add6900de13b6fbba635b95a0c9c8428eeffc9b860648ce8d455a6aaaf8b73c9394782dacb8c773d6a1d35

                              Download Submit
                            • C:\Users\Admin\Desktop\JoinOut.dwg
                              Filesize

                              346KB

                              MD5

                              d34a300afc078bab9944e159c05ab619

                              SHA1

                              8d73624b89bf4535542572cb9fe50981338597da

                              SHA256

                              b47ce5c5e7bdfee6443e2de4e41b8ef10ccaafe9c7403e689f6bb106084d9b1d

                              SHA512

                              10fa7b80725c6bc828b6425e14dfb33baa5c45d9fcbf331754a8f69d52e934cfe0066481b17ff2ced0ade5c8a52210d87430224d61d6e94fcae4afb4f0d290e5

                              Download Submit
                            • C:\Users\Admin\Desktop\LOADDATA1.bat
                              Filesize

                              999B

                              MD5

                              1ad2846b25c722902869d615b1871377

                              SHA1

                              75b3b06bdf1d9b435e1eba68c22974d9a1cb9682

                              SHA256

                              449d0bb0ac7f24c6f45b3f5ba953df6f38f1e28407661e273ba950a1cac8f426

                              SHA512

                              4f467a0a2e9ee910ce349cb764a8dfc8d5bfaf2513cd11fa2f740b2efa2e54ef941860af9faaf1a769384f5faef789fe330f9b9bcada69e7ff4cb3cba7a98cc4

                              Download Submit
                            • C:\Users\Admin\Desktop\LockConvertTo.docx
                              Filesize

                              14KB

                              MD5

                              4a03a6f53a76df341ee3d6407f3f6b8f

                              SHA1

                              cbd98708438a89827b112515373ab24c725ea7c9

                              SHA256

                              019855e17cbe42acc36b3b037329b5584f8f9703b668f458ba7ea65e13361fc8

                              SHA512

                              72e4d0cc8eb804864bcd7ac4a045357a2932b3e8dd75037f92b213435c4ebd01b1fae348c4159cdf5121a114515e1c21cd5230cd63dee39979ca36350363ca18

                              Download Submit
                            • C:\Users\Admin\Desktop\MoveUnpublish.xltm
                              Filesize

                              919KB

                              MD5

                              ebaf648ab4a1bdb927090226deba4965

                              SHA1

                              c6ba652fd31aa41a48918b6b839cdb6bb75937f1

                              SHA256

                              287ab8a6147f7f3e150d4a7a76715371837c0b305f634fbc86dd9fe67b03dfec

                              SHA512

                              2d16bc902660304ec189602c44ce2d7c048fee418a5cf8fec28bbf75a3dd7c2a513266fe13b1ffb105611deab33b9fd0190d1559c8e6e6d803da4dc7a7ba1eda

                              Download Submit
                            • C:\Users\Admin\Desktop\NewRegister.ADTS
                              Filesize

                              513KB

                              MD5

                              e7eb805204de14921bb4e59e4e08452b

                              SHA1

                              ee560b2b76d9a0cc08bda3a2aa44e082c4e0c95a

                              SHA256

                              a9795046727d685f648b7220b4610a88c2a69f20d9b1870bf8bfb663d9de37b1

                              SHA512

                              b3e9da216811cae55b8a992e9824acd57a181336bae038790cdd93b825d52c1a0cddb9b5a7e25ebbb6a280031afbaa522d3b19ee9c8bd3e94dbed8be3493c766

                              Download Submit
                            • C:\Users\Admin\Desktop\OutUse.xlsx
                              Filesize

                              11KB

                              MD5

                              78486c595874f51aee1d9e2327da7d4c

                              SHA1

                              d38989dbeb67b8dc6a6d41d5012cf8da3a9e8ad2

                              SHA256

                              9b60cee52d81b3ab55cc6d671c7ee63c9cbeec646a8f28d8975693d78496b2f4

                              SHA512

                              3206e22a41a81cd1727ede7051e6506988b050e80075701457445c89905eea2885e72ba24a0660c4064503561490a0b71fc7fffebb53d3445093ba54834b66f4

                              Download Submit
                            • C:\Users\Admin\Desktop\PublishRepair.ps1
                              Filesize

                              370KB

                              MD5

                              189dc0f6e75c1ff58f0d8904582c271f

                              SHA1

                              3ffabe266dd4dbeedd65742647a7b510ab23fbcc

                              SHA256

                              3f582f80351d707724b1f0a0e3a56e52c05989dae44157fad0b9882fbbab4c78

                              SHA512

                              e758e99939b40180e11d25665b152f371130fb09b7ac4acae6f70398c3962a21d0ab457be6819a5267b9d25d881bf2b721143bbf0ca0239d58f5eb3af217ddcb

                              Download Submit
                            • C:\Users\Admin\Desktop\PublishUnblock.wax
                              Filesize

                              656KB

                              MD5

                              b75514ab6902fa15f622305c3799f81a

                              SHA1

                              f9a2fafa1105fdde0150e93d0222c42403032362

                              SHA256

                              d5e786671cc03bcf4fe9d59fb14a2ca14cefce2aaf0a3dac4b6bd4e51b65f67a

                              SHA512

                              b84433499bca90f844f1095dd62ac647d8546f563c8cee8d50576911534a68411282688fb09371659aa31cd19e20e2cee069900671d8b1c3a30005b080e089b8

                              Download Submit
                            • C:\Users\Admin\Desktop\PushWrite.xlsx
                              Filesize

                              14KB

                              MD5

                              4b1f9fbef7aa9d65a2fbd993af3d2d80

                              SHA1

                              0c6af223e21290bb317246ed7a05688d33106897

                              SHA256

                              5b693b371c74b12d8278463792a607257c8ad83a48422e00ab5d6bb629438302

                              SHA512

                              11ff2a6eec3e45639b3ef67e556780d1882483f1f1b02c8d379038101bb386e146616b2f512b18eed1c915e19244a172540cff1407fb6b7cc61e98b943353b12

                              Download Submit
                            • C:\Users\Admin\Desktop\ReceiveRemove.001
                              Filesize

                              895KB

                              MD5

                              43ca9a87b053821b2e37b6f5aac457da

                              SHA1

                              0521efa253b59fce0e89c8537d4ffbacabc0a6f2

                              SHA256

                              2e3d61bc7a01692052ca5897e6b8528dd176de594d7a53ada7d5eb25f242233e

                              SHA512

                              a140c5cb49005868915bd01213cc15d981791522037f0f0e48459ebec7cc7a99856f5b5d94660527ca678d98d5eeffffaa7302de26edd4b8035d094b4d5e8c44

                              Download Submit
                            • C:\Users\Admin\Desktop\RedoTrace.xlsx
                              Filesize

                              11KB

                              MD5

                              2923f428fb9f8961f13f7036ac31762e

                              SHA1

                              3d4c0189b1dbc1edf40a52e0a42786509c6de9b8

                              SHA256

                              667c9d5996a1ddb1b76c2371dce728b1150145ead9fd405c48c7e55f3b6ba062

                              SHA512

                              46ca63acb195a8cde2a8f689c1961f3f7a0eb9bffd2ff9314886d7d02ae35ffac09bd6fd284bba2f294f68e17285ef5f0db5784aab136b3da9e9438a5f214503

                              Download Submit
                            • C:\Users\Admin\Desktop\RepairUndo.vsw
                              Filesize

                              489KB

                              MD5

                              d1f969cbb3ec0c10a844d5cedd82eac4

                              SHA1

                              9339a60488a5ef9ed946e6f215a8b4181fabc260

                              SHA256

                              6660497784bcc23c8458bdc4e1c49fc748946147e0a71ab38101b3ffe60338e7

                              SHA512

                              acb4e12ef61ec6a51af9ac8a18c8c4ff4427d70341d90588f9f71bd5f0e535bf08a62cb697203aa099b42a4211b851b27cea36bf74eceb3057d4b1439fedc5bb

                              Download Submit
                            • C:\Users\Admin\Desktop\RequestRename.tiff
                              Filesize

                              441KB

                              MD5

                              628b5f4d9e263ec47d809b2c6ae79986

                              SHA1

                              a93782eb4ba33fefa0c34ca39f5ad8cd68b931ec

                              SHA256

                              9c004053f92ddcc2d3171d21e68c1ca2a84246f14c5162d808938948ca28c812

                              SHA512

                              da0ee9fb667b2f6d36c24506c266ccd142b35410d9ab22c3a2b34ce06acd926476e8784fdee7e19445fcc790175dc66fb2e28c911ea6e177b58d0971dad95b61

                              Download Submit
                            • C:\Users\Admin\Desktop\RestartClear.M2TS
                              Filesize

                              704KB

                              MD5

                              e465817f4e90e113c623bc2e6d57886e

                              SHA1

                              823efd942700e0dc8782a791fecc3077fe175fcf

                              SHA256

                              4f9bf6cf87e6b92f661fcd272d76ca8448663dab83b1887974caff31ee88225b

                              SHA512

                              097f13f09a4cf5b76051d3351a637cea342d8192a6217da743437eec231fddb979ea474a85ef3be41cfa40b11f9256a6c29f9e142d7269e32ebc72a1663828c4

                              Download Submit
                            • C:\Users\Admin\Desktop\ShowAssert.mp4v
                              Filesize

                              871KB

                              MD5

                              899a7a26b2c5300b3fdad335c80d9e6e

                              SHA1

                              c5178bd133213e14848379bb850255be4b8d2086

                              SHA256

                              76f298695caf49417240b8aa494a12cc0c78b88434a32aecf94d9b8d066ce6a2

                              SHA512

                              ce8feed10cb11fbc03207f2f17fcc2d2017844a9c38527d19ff29399ebcb64b93bde1ce17adff519fe60d33d6402a6d369beba428daf74089b269dfd205c1373

                              Download Submit
                            • C:\Users\Admin\Desktop\ShowUnpublish.aifc
                              Filesize

                              728KB

                              MD5

                              2afae324cc4dc9e962ff79302de53cd6

                              SHA1

                              67e409143cfae4ab8aefd4db33321a5f17369d33

                              SHA256

                              c6b6c56da3182ddd348f3d521acf85ca33fa6ac4a49eb380620b912dfd8ed20d

                              SHA512

                              ebcc2cc41e93c7a61c6f445a4f8d8edf192b466b3d6ac7842c5e1927e0f9a3b3f9d50ceb9415943243de0f7fdd2b7a70ed24a11558256a38a0a77dfd6201662e

                              Download Submit
                            • C:\Users\Admin\Desktop\SuspendUninstall.pptm
                              Filesize

                              585KB

                              MD5

                              3a3ad2351ea4dca51befa7ed9dfab458

                              SHA1

                              6e087eb2078398c84c2430690eb7e8a668f456aa

                              SHA256

                              170df11cd212d6c118217a64391d202b2586f9ee709dfa69a3abc82e97bde59f

                              SHA512

                              f664be23e9a172c3ca1d8430ea0181a1b69eb6ffa0a3e07f1a56f33592640821f1dc3f434a933a30238572985dfb337d85d1c4e58ed1b6a200e1890693747755

                              Download Submit
                            • C:\Users\Admin\Desktop\TraceSelect.mht
                              Filesize

                              632KB

                              MD5

                              82d1fb703e3b6d54f1b5f3277b05497d

                              SHA1

                              b2dcbd2b67126948d03a601a0866a44deb5518dc

                              SHA256

                              655d2b0a242d59ec2bc0efd43144ade19576f1c0df88417709965e4e24bf0386

                              SHA512

                              c8a6aa5203d3534a8239d72c759cfcf6317298a8c21a9dfff68f19e1ba69ea809b257d38467f8ae5854b6d6fce174161f3442385245247ded8109d9b7f382727

                              Download Submit
                            • C:\Users\Admin\Desktop\UnpublishApprove.dot
                              Filesize

                              322KB

                              MD5

                              975c642c4a202ab8f0be13d1b30a343c

                              SHA1

                              efb168d0740f26fe35cf6835b11819b51c1b2d6e

                              SHA256

                              8547c995ee84aebe4a03bdf847b389b61fa9f1feef3a21bd6559d0cf547f9ebb

                              SHA512

                              6a67479a831bafe7a108e3da73046fc6b436507bb8622cb88923b8565c1c0a1b5ca3b2849607e15bcf855dda596e8dc670a02c44bc608f6c1cb0c7057c4226ef

                              Download Submit
                            • C:\Users\Admin\Desktop\WaitExit.aifc
                              Filesize

                              394KB

                              MD5

                              1caf23aef9430e8a082ddb165660451a

                              SHA1

                              90b13372d6ad5f83b046828316b4c30469090903

                              SHA256

                              d11570ec55b3f2e712a2f3cf9437d38a4586b451850f92af4a9b267ca196f9b1

                              SHA512

                              fb89a77e4c527a0f681920e17f84b939ea5159b9d1d4932a64dae304acdd3b48d8c9343cca29a9b3ac91971be25d19373ae4d2574171c74421eb7bad953e4408

                              Download Submit
                            • C:\Users\Admin\Desktop\WriteEnable.docx
                              Filesize

                              20KB

                              MD5

                              85e78d2665ff2815461001fc921eaa45

                              SHA1

                              8005434a29fbf42833a3edcae19e1e03f1b35d83

                              SHA256

                              9d53df4b24b9dc18500b6a564e2c3eec60fe44f28d25071073e7f7719e38b188

                              SHA512

                              326b8888ba38d54041701d7061361f42cb247e6c0497b8c01c301e07fe0d6a3772f9e02bfaafaa9ceaab8d62198f289308894c42658fe84a9ae4ec77eb6570cc

                              Download Submit
                            • C:\Users\Admin\Desktop\WriteResolve.cmd
                              Filesize

                              1.2MB

                              MD5

                              02f3c4c9335b4923f62b97f427360fce

                              SHA1

                              8b76ceb0c6efd33a316f61c473947e27dd8e0b7d

                              SHA256

                              5b3080b223cd094f894410a4d263592cee4db04eb541b8aad3d069a71d342bbb

                              SHA512

                              5eb145b92c32448af4fd0abe12bfeeea40a76f52e024154f7dcbeffeac0283a48ad781a1e09161c4023c382f0e6090226806b47b5e4054dd5c2bfa4062c503cc

                              Download Submit
                            • memory/3012-34-0x0000000003B00000-0x0000000003B10000-memory.dmp
                              Filesize

                              64KB

                              Download